SecureIoT is a project that aims to increase supply chain resilience through continuous monitoring of operational technology systems. It uses independent observer devices to detect attacks, errors, and abnormal machine behavior early. The devices monitor process data using security analytics and machine learning to identify anomalies. SecureIoT also facilitates secure access and automated configuration audits to help maintain security and prevent infection transmission between machines. Its goal is to help protect against slow, targeted attacks on manufacturing systems and their supply chains.
2. Facilitating Supply Chain Resilience
Supply Chain at risk
• Communication risk
• Intelligent things can be manipulated
• Included software not known
3. SecureIoT - Use Case Industrie 4.0
Supply Chain Resilience
Example: STUXNET-like Attack
• Individualized attack
• Slow attack
• Probably trained by a lot of publicly available system data
Attack-Surface
• Attack takes place at the manufacturer - or in a malicious module as spare part or update
• System-SW may contain virus base.
• The fact that powerful systems are built into Edge means that there is capacity for attacks there.
• Unknown sleeping malicious systems (or backdoors, fixed passwords)
• Wake up by "signal", e.g. "pattern" in specific product configuration
• Problem: Prediction only limited, for "not yet affected systems"
4. Supply Chain Resilience
SecureIoT capabilities
Security of the operating status is unknown
We must observe the operation independently of the machines.
SecureIoT is an independent observer and analyst.
Process Monitoring - Detection of process anomalies (Security Analytics) monitors process data to:
• detect attacks
• detect operator errors
• detect abnormal machine behaviour at an early stage, supporting predictive maintenance
Trustworthiness enables Secure Access (Developer Support)
Automated IIoT Configuration Audit (Compliance Audit)
6. SecureIoT – Detection and Prediction of Attacks
SecureIoT Process Monitoring
AI based Security Analytics
• Learning / Training
• Process Mining
• Pattern recognition
[Diagram labels: Part, Order, Attack; Edge Analytics; Future Objective]
7. M2M Scheduler
M2M – Trustworthiness Evaluation facilitates secure Access
Evaluate Process Log files
Calculate Characteristics
Trustworthiness
Probes
ABAC Policy Engine
Grants access based on dynamic evaluation of Trustworthiness
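An added sketch of the flow on this slide (not SecureIoT's own code): probe-supplied process logs are reduced to characteristics, combined into a trustworthiness score, and used as a dynamic attribute in an ABAC decision. The log format, nominal step timings, weights, policy fields and threshold are all assumptions made for the example.

```python
from statistics import mean

# Constructed probe output: one record per process step (not real SecureIoT data).
LOGS = {
    "press-01": [
        {"step": "load", "secs": 4.1, "ok": True},
        {"step": "press", "secs": 9.8, "ok": True},
        {"step": "unload", "secs": 4.0, "ok": True},
    ],
    "press-02": [
        {"step": "load", "secs": 4.2, "ok": True},
        {"step": "unload", "secs": 3.9, "ok": True},   # "press" ran out of order
        {"step": "press", "secs": 21.5, "ok": False},  # slow and failed
    ],
}
EXPECTED = {"load": 4.0, "press": 10.0, "unload": 4.0}  # assumed nominal order and seconds

def characteristics(records):
    """Reduce a process log to three characteristics, each in [0, 1] (1 = nominal)."""
    steps = [r["step"] for r in records]
    in_order = 1.0 if steps == list(EXPECTED) else 0.0
    success = mean(1.0 if r["ok"] else 0.0 for r in records)
    # Relative timing deviation per step, capped at 100 %.
    timing = mean(
        1.0 - min(abs(r["secs"] - EXPECTED[r["step"]]) / EXPECTED[r["step"]], 1.0)
        for r in records
    )
    return {"in_order": in_order, "success": success, "timing": timing}

def trustworthiness(records, weights=(0.4, 0.4, 0.2)):
    """Weighted score in [0, 1]; the weights are an assumption for this example."""
    c = characteristics(records)
    score = weights[0] * c["in_order"] + weights[1] * c["success"] + weights[2] * c["timing"]
    return round(score, 3)

# Assumed ABAC policy: static attributes plus a trust threshold evaluated per request.
POLICY = {"action": "push_job", "subject_zone": "line-A", "min_trust": 0.8}

def decide(subject, action, logs=LOGS, policy=POLICY):
    """Permit only if static attributes match and current trustworthiness meets the threshold."""
    records = logs.get(subject["id"])
    if not records:  # no probe data for this machine: fail closed
        return "deny"
    if action != policy["action"] or subject["zone"] != policy["subject_zone"]:
        return "deny"
    return "permit" if trustworthiness(records) >= policy["min_trust"] else "deny"
```

Because the score is recomputed from the latest logs on every request, a machine that starts behaving abnormally loses access without any change to the policy itself.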
8. Automated IIoT Configuration Audit facilitates Resilience
Secure IIoT Deployment
Push configuration to SecureIoT CMDB
Changes trigger
Use Case Frontend
To be implemented
Automatic Request for Audit
Automatic Response: Audit Result
Use Case Frontend
ABAC Policy Engine – Administrative Backend
SecureIoT CMDB
Request CIs
Respond CIs
CMDB
Probes
9. Takeaways
Machines have a long service life and rarely have updates
Machines are always the target of massive attacks
Supply Chain Resilience facilitated by SecureIoT
• Monitoring and anomaly detection through additional and independent IoT devices
• Prevention of infection transmission to other machines through trustworthy access
• Maintenance of the required security level through secure configuration